8266684

Tokenized Resource Access

Published: September 11, 2012
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
26 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for unlocking debugging functionality in a hardware device for one or more users, comprising: obtaining a signed permission object for the hardware device, wherein a memory of the hardware device stores a device identifier, and a last recorded sequence number, wherein the signed permission object includes a sequence number, wherein the signed permission object is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object, and further wherein the signed permission object is based on a user selected product model and a user authorized configuration; validating the signed permission object; and when the signed permission object is valid: updating the expiration counter to decrease the lifetime; storing the sequence number as the last recorded sequence number; and unlocking the debugging functionality for the one or more users based on the signed permission object.

2. The method of claim 1, wherein the signed permission object is stored in the memory of the hardware device, and wherein the obtaining of the signed permission object is from the memory.

3. The method of claim 1, wherein the obtaining of the signed permission object further comprises: receiving a request for a permission object request file from a server; generating the permission object request file based on information specific to the hardware device; sending the permission object request file to the server in response to the request; receiving the signed permission object from the server; storing the signed permission object in the memory of the hardware device; and storing the expiration counter in the memory of the hardware device.

4. The method of claim 3, wherein the server maintains a log that includes an entry indicating the generation of the signed permission object for the hardware device.

5. The method of claim 1, wherein the lifetime for the signed permission object is measured in a unit of time.

6. The method of claim 1, wherein the lifetime for the signed permission object is measured in a number of reboots of the hardware device.

7. The method of claim 1, wherein the signed permission object further includes a digital signature, and an object identifier, and wherein the validating of the signed permission object further comprises: authenticating the digital signature; comparing the object identifier to the device identifier stored in the memory of the hardware device; and comparing the sequence number to the last recorded sequence number stored in the memory of the hardware device, wherein the signed permission object is valid: when the digital signature is authentic, when the object identifier matches the device identifier, when the sequence number is numerically greater than the last recorded sequence number, and when the expiration counter indicates that the signed permission object is usable.

8. The method of claim 7, wherein the memory of the hardware device stores at least one last recorded sequence number, and at least one server identifier, each server identifier associated with one of said at least one recorded sequence number, and wherein the signed permission object further includes a source identifier to identify a source that generated the signed permission object, wherein the validating of the signed permission object further comprises: comparing the source identifier to said at least one server identifier stored in the memory of the hardware device; and comparing the sequence number to said at least one last recorded sequence number stored in the memory of the hardware device, wherein the signed permission object is valid when the sequence number is numerically greater than the last recorded sequence number that is associated with the server identifier that matches the source identifier.

9. The method of claim 1, wherein the signed permission object further includes secret data, and when the signed permission object is valid, the method further comprises: decrypting the secret data, wherein the unlocking of the debugging functionality for the one or more users is based on the decrypted secret data.

10. The method of claim 1, wherein the diagnostics functions include at least one of a hardware port to monitor a state of the hardware device, and a service to control operation of the hardware device.

11. The method of claim 1 further comprising: receiving by the hardware device, the signed permission object from a server via a client computer, and wherein the hardware device is outside the client computer.

12. The method of claim 1 further comprising: receiving a signed permission object by the hardware device based on a request for the signed permission object by the user.

13. A system for unlocking debugging functionality in a hardware device for one or more users, comprising: a memory device resident in the device; and a processor disposed in communication with the memory device, the processor configured to: obtain a signed permission object for the hardware device, wherein a memory of the hardware device stores a device identifier, and a last recorded sequence number, wherein the signed permission object includes a sequence number, wherein the signed permission object is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object, and further wherein the signed permission object is based on a user selected product model and a user authorized configuration; validate the signed permission object; and when the signed permission object is valid: update the expiration counter to decrease the lifetime; store the sequence number as the last recorded sequence number; and unlock the debugging functionality for the one or more users based on the signed permission object.

14. The system of claim 13, wherein the signed permission object is stored in the memory of the hardware device, and wherein the processor is configured to obtain the signed permission object from the memory.

15. The system of claim 13, wherein to obtain the signed permission object, the processor is further configured to: receive a request for a permission object request file from a server; generate the permission object request file based on information specific to the hardware device; send the permission object request file to the server in response to the request; receive the signed permission object from the server; store the signed permission object in the memory of the hardware device; and store the expiration counter in the memory of the hardware device.

16. The system of claim 13, wherein the lifetime for the signed permission object is measured in a unit of time.

17. The system of claim 13, wherein the lifetime for the signed permission object is measured in a number of reboots of the hardware device.

18. The system of claim 13, wherein the signed permission object further includes a digital signature, and an object identifier, and wherein to validate the signed permission object, the processor is further configured to: authenticate the digital signature; compare the object identifier to the device identifier stored in the memory of the hardware device; and compare the sequence number to the last recorded sequence number stored in the memory of the hardware device, wherein the signed permission object is valid: when the digital signature is authentic, when the object identifier matches the device identifier, when the sequence number is numerically greater than the last recorded sequence number, and when the expiration counter indicates that the signed permission object is usable.

19. The system of claim 13, wherein the signed permission object further includes secret data, and when the signed permission object is valid, the processor is further configured to: decrypt the secret data, wherein the unlocking of the debugging functionality for the one or more users is based on the decrypted secret data.

20. The system of claim 13, wherein the diagnostics functions include at least one of a hardware port to monitor a state of the hardware device, and a service to control operation of the hardware device.

21. The system of claim 13, wherein the hardware device receives the signed permission object from a server via a client computer, and wherein the hardware device is outside the client computer.

22. The system of claim 13, wherein the hardware device receives a signed permission object based on a request for the signed permission object by the user.

23. A method for unlocking debugging functionality in a hardware device for one or more users, comprising: obtaining a signed permission object for the hardware device, wherein a memory of the hardware device stores a device identifier, and a last recorded sequence number, wherein the signed permission object includes a sequence number, and wherein the signed permission object is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object; validating the signed permission object; and when the signed permission object is valid: updating the expiration counter to decrease the lifetime; storing the sequence number as the last recorded sequence number; and unlocking the debugging functionality for the one or more users based on the signed permission object; wherein when a state of the hardware device is indeterminate and the hardware device rejects the signed permission object, the method further comprises: receiving a signed management object; validating the signed management object; and when the signed management object is valid, reinitializing the hardware device based on the signed management object, wherein the hardware device accepts the signed permission object after the reinitializing of the hardware device based on the signed management object.

24. The method of claim 23, wherein the signed management object further includes a management digital signature, a management object identifier, and a management transaction identifier, and wherein the validating of the signed management object further comprises: authenticating the management digital signature; comparing the management object identifier to the device identifier stored in the memory of the hardware device; and comparing the management transaction identifier to a transaction identifier stored in the memory of the hardware device, wherein the signed management object is valid: when the management digital signature is authentic, when the management object identifier matches the device identifier, and when the management transaction identifier matches the transaction identifier.

25. The method of claim 23, wherein the memory of the hardware device stores at least one last recorded sequence number, and at least one server identifier, each server identifier associated with one of said at least one recorded sequence number, and wherein the signed management object further includes a source identifier to identify a source that generated the signed management object, wherein the validating of the signed management object further comprises: comparing the source identifier to said at least one server identifier stored in the memory of the hardware device, wherein the signed management object is valid when one of said at least one server identifier matches the source identifier, and wherein the reinitializing of the hardware device is for the server identifier that matches the source identifier.

26. A system for unlocking debugging functionality in a hardware device for one or more users, comprising: a memory device resident in the device; and a processor disposed in communication with the memory device, the processor configured to: obtain a signed permission object for the hardware device, wherein a memory of the hardware device stores a device identifier, and a last recorded sequence number, wherein the signed permission object includes a sequence number, and wherein the signed permission object is associated with an expiration counter having an initial value that indicates a lifetime for the signed permission object; validate the signed permission object; and when the signed permission object is valid: update the expiration counter to decrease the lifetime; store the sequence number as the last recorded sequence number; and unlock the debugging functionality for the one or more users based on the signed permission object; wherein when a state of the hardware device is indeterminate and the hardware device rejects the signed permission object, the processor is further configured to: receive a signed management object; validate the signed management object; and when the signed management object is valid, reinitialize the hardware device based on the signed management object, wherein the hardware device accepts the signed permission object after the reinitializing of the hardware device based on the signed management object.
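
The device-side checks of claims 1, 7 and 8, sketched as an added example (not code from the patent or its inventors): signature, device binding, per-server sequence number for replay rejection, and a reboot-counted lifetime as in claim 6. Assumptions: HMAC-SHA256 stands in for the digital signature so the sketch needs only the standard library, and the field names, the `Device` model and the `reboot` handling are hypothetical.

```python
import hashlib, hmac, json
from dataclasses import dataclass, field

# Assumption: HMAC-SHA256 stands in for the claims' digital signature so the
# example needs only the standard library; the key below is constructed.
SERVER_KEYS = {"srv-A": b"constructed-demo-key"}

@dataclass
class Device:  # hypothetical model of the device's persistent memory
    device_id: str
    last_seq: dict = field(default_factory=dict)  # server id -> last recorded sequence number
    remaining: int = 0                            # expiration counter, in reboots (claim 6)
    debug_unlocked: bool = False

def sign(obj: dict) -> str:
    """Server side: MAC over a canonical encoding of the permission object."""
    body = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(SERVER_KEYS[obj["source_id"]], body, hashlib.sha256).hexdigest()

def validate(dev: Device, obj: dict, sig: str) -> str:
    """Checks of claims 7 and 8; returns "ok" or the reason for rejection."""
    src = obj.get("source_id")
    if src not in SERVER_KEYS:
        return "unknown source"
    if not hmac.compare_digest(sign(obj), sig):
        return "bad signature"
    if obj.get("object_id") != dev.device_id:
        return "wrong device"
    if obj.get("seq", -1) <= dev.last_seq.get(src, -1):
        return "stale sequence number"
    if obj.get("lifetime", 0) <= 0:
        return "expired"
    return "ok"

def apply_permission(dev: Device, obj: dict, sig: str) -> str:
    """Claim 1: on a valid object, decrease lifetime, record sequence, unlock."""
    verdict = validate(dev, obj, sig)
    if verdict == "ok":
        dev.remaining = obj["lifetime"] - 1
        dev.last_seq[obj["source_id"]] = obj["seq"]
        dev.debug_unlocked = True
    return verdict

def reboot(dev: Device) -> bool:
    """Assumed reboot handling: spend one unit of lifetime, relock at zero."""
    dev.debug_unlocked = dev.remaining > 0
    dev.remaining = max(dev.remaining - 1, 0)
    return dev.debug_unlocked
```

Because the sequence number is recorded only after every check passes, a captured object cannot be presented a second time, and an object signed for another device identifier is refused even with a valid signature.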

Patent Metadata

Filing Date

Unknown

Publication Date

September 11, 2012

Inventors

Daniel E. Kline
Alexander Medvinsky


Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “TOKENIZED RESOURCE ACCESS” (8266684). https://patentable.app/patents/8266684
